------------------------------------------------------------ revno: 655 committer: Matthias Klose <d...@ubuntu.com> branch nick: openjdk8 timestamp: Thu 2015-10-22 14:01:37 +0200 message: openjdk-8 (8u66-b17-1) unstable; urgency=high * Update to 8u66-b01. * Security fixes: - S8048030, CVE-2015-4734: Expectations should be consistent - S8068842, CVE-2015-4803: Better JAXP data handling - S8076339, CVE-2015-4903: Better handling of remote object invocation - S8076383, CVE-2015-4835: Better CORBA exception handling - S8076387, CVE-2015-4882: Better CORBA value handling - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency - S8076413, CVE-2015-4883: Better JRMP message handling - S8078427, CVE-2015-4842: More supportive home environment - S8078440: Safer managed types - S8080541: More direct property handling - S8080688, CVE-2015-4860: Service for DGC services - S8081744, CVE-2015-4868: Clear out list corner case - S8081760: Better group dynamics - S8086092. CVE-2015-4840: More palette improvements - S8086733, CVE-2015-4893: Improve namespace handling - S8087350: Improve array conversions - S8103671, CVE-2015-4805: More objective stream classes - S8103675: Better Binary searches - S8129611: Accessbridge error handling improvement - S8130078, CVE-2015-4911: Document better processing - S8130185: More accessible access switch - S8130193, CVE-2015-4806: Improve HTTP connections - S8130864: Better server identity handling - S8130891, CVE-2015-4843: (bf) More direct buffering - S8131291, CVE-2015-4872: Perfect parameter patterning - S8132042, CVE-2015-4844: Preserve layout presentation * Strip packages again, Debian infrastruction is fixed. Closes: #775760. -- Matthias Klose <d...@ubuntu.com> Wed, 21 Oct 2015 22:48:28 +0200 removed: debian/patches/make4-compatibility.diff modified: corba.tar.xz debian/changelog debian/patches/kfreebsd-support-jdk.diff debian/rules hotspot-aarch64.tar.xz hotspot.tar.xz jaxp.tar.xz jaxws.tar.xz jdk.tar.xz langtools.tar.xz nashorn.tar.xz root.tar.xz
-- lp:~openjdk/openjdk/openjdk8 https://code.launchpad.net/~openjdk/openjdk/openjdk8 Your team Debian Java Maintainers is subscribed to branch lp:~openjdk/openjdk/openjdk8. To unsubscribe from this branch go to https://code.launchpad.net/~openjdk/openjdk/openjdk8/+edit-subscription
=== modified file 'corba.tar.xz' Binary files corba.tar.xz 2015-07-27 15:41:37 +0000 and corba.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'debian/changelog' --- debian/changelog 2015-10-19 13:33:45 +0000 +++ debian/changelog 2015-10-22 12:01:37 +0000 @@ -1,8 +1,36 @@ -openjdk-8 (8u66-b01-7) UNRELEASED; urgency=medium +openjdk-8 (8u66-b17-1) unstable; urgency=high + * Update to 8u66-b01. + * Security fixes: + - S8048030, CVE-2015-4734: Expectations should be consistent + - S8068842, CVE-2015-4803: Better JAXP data handling + - S8076339, CVE-2015-4903: Better handling of remote object invocation + - S8076383, CVE-2015-4835: Better CORBA exception handling + - S8076387, CVE-2015-4882: Better CORBA value handling + - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency + - S8076413, CVE-2015-4883: Better JRMP message handling + - S8078427, CVE-2015-4842: More supportive home environment + - S8078440: Safer managed types + - S8080541: More direct property handling + - S8080688, CVE-2015-4860: Service for DGC services + - S8081744, CVE-2015-4868: Clear out list corner case + - S8081760: Better group dynamics + - S8086092. CVE-2015-4840: More palette improvements + - S8086733, CVE-2015-4893: Improve namespace handling + - S8087350: Improve array conversions + - S8103671, CVE-2015-4805: More objective stream classes + - S8103675: Better Binary searches + - S8129611: Accessbridge error handling improvement + - S8130078, CVE-2015-4911: Document better processing + - S8130185: More accessible access switch + - S8130193, CVE-2015-4806: Improve HTTP connections + - S8130864: Better server identity handling + - S8130891, CVE-2015-4843: (bf) More direct buffering + - S8131291, CVE-2015-4872: Perfect parameter patterning + - S8132042, CVE-2015-4844: Preserve layout presentation * Strip packages again, Debian infrastruction is fixed. Closes: #775760. - -- Matthias Klose <d...@ubuntu.com> Mon, 19 Oct 2015 15:31:42 +0200 + -- Matthias Klose <d...@ubuntu.com> Wed, 21 Oct 2015 22:48:28 +0200 openjdk-8 (8u66-b01-6) unstable; urgency=medium === modified file 'debian/patches/kfreebsd-support-jdk.diff' --- debian/patches/kfreebsd-support-jdk.diff 2015-10-15 13:48:30 +0000 +++ debian/patches/kfreebsd-support-jdk.diff 2015-10-22 12:01:37 +0000 @@ -4282,6 +4282,8 @@ #define pread64 pread #define pwrite64 pwrite +Index: b/jdk/make/lib/Awt2dLibraries.gmk +=================================================================== --- a/jdk/make/lib/Awt2dLibraries.gmk +++ b/jdk/make/lib/Awt2dLibraries.gmk @@ -309,7 +309,7 @@ LIBAWT_FILES := \ @@ -4302,16 +4304,25 @@ LDFLAGS_SUFFIX_solaris := -ljvm $(LIBM) $(LIBDL) -ljava -lc, \ LDFLAGS_SUFFIX_aix :=-ljvm $(LIBM) $(LIBDL) -ljava -lm,\ LDFLAGS_SUFFIX_macosx := -lmlib_image -ljvm $(LIBM) \ -@@ -991,7 +991,7 @@ else # OPENJDK_TARGET_OS not windows - LDFLAGS := $(LDFLAGS_JDKLIB) \ - $(call SET_SHARED_LIBRARY_ORIGIN), \ - LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR), \ -- LDFLAGS_SUFFIX_linux := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \ -+ LDFLAGS_SUFFIX_bsd := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \ - LDFLAGS_SUFFIX_aix := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX),\ - LDFLAGS_SUFFIX_solaris := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX) -lXrender, \ - LDFLAGS_SUFFIX_macosx := -Xlinker -rpath -Xlinker @loader_path $(JAWT_LIBS) \ -@@ -1180,13 +1180,13 @@ ifeq ($(BUILD_HEADLESS), true) +@@ -637,7 +637,7 @@ ifeq ($(findstring $(OPENJDK_TARGET_OS), + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_xawt/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(X_LIBS) $(LIBAWT_XAWT_LDFLAGS), \ +- LDFLAGS_linux := $(call SET_SHARED_LIBRARY_ORIGIN) \ ++ LDFLAGS_bsd := $(call SET_SHARED_LIBRARY_ORIGIN) \ + $(call SET_SHARED_LIBRARY_ORIGIN,/..), \ + LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) \ + -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR) \ +@@ -686,7 +686,7 @@ $(eval $(call SetupNativeCompilation,BUI + LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \ + LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \ + LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \ +- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm -llcms2, \ ++ LDFLAGS_SUFFIX_bsd := -lm -lawt -ljava -ljvm -llcms2, \ + LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ +@@ -853,13 +853,13 @@ ifeq ($(BUILD_HEADLESS), true) MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_headless/mapfile-vers, \ LDFLAGS := $(LDFLAGS_JDKLIB) \ $(call SET_SHARED_LIBRARY_ORIGIN), \ @@ -4327,6 +4338,33 @@ LDFLAGS_SUFFIX_aix := -ljvm -lawt -ljava,\ LDFLAGS_SUFFIX_solaris := $(LIBDL) -ljvm -lawt -lm -ljava $(LIBCXX) -lc, \ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libawt_headless, \ +@@ -936,7 +936,7 @@ $(eval $(call SetupNativeCompilation,BUI + LDFLAGS := $(subst -Xlinker -z -Xlinker defs,,$(LDFLAGS_JDKLIB)) $(LDFLAGS_CXX_JDK) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_SUFFIX := $(BUILD_LIBFONTMANAGER_FONTLIB), \ +- LDFLAGS_SUFFIX_linux := -lawt $(LIBM) $(LIBCXX) -ljava -ljvm -lc, \ ++ LDFLAGS_SUFFIX_bsd := -lawt $(LIBM) $(LIBCXX) -ljava -ljvm -lc, \ + LDFLAGS_SUFFIX_solaris := -lawt -lawt_headless -lc $(LIBM) $(LIBCXX) -ljava -ljvm, \ + LDFLAGS_SUFFIX_aix := -lawt -lawt_headless $(LIBM) $(LIBCXX) -ljava -ljvm,\ + LDFLAGS_SUFFIX_macosx := -lawt $(LIBM) $(LIBCXX) -undefined dynamic_lookup \ +@@ -1087,7 +1087,7 @@ else # OPENJDK_TARGET_OS not windows + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR), \ +- LDFLAGS_SUFFIX_linux := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \ ++ LDFLAGS_SUFFIX_bsd := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \ + LDFLAGS_SUFFIX_aix := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX),\ + LDFLAGS_SUFFIX_solaris := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX) -lXrender, \ + LDFLAGS_SUFFIX_macosx := -Xlinker -rpath -Xlinker @loader_path $(JAWT_LIBS) \ +@@ -1143,7 +1143,7 @@ ifndef OPENJDK + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libkcms/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ +- LDFLAGS_SUFFIX_linux := -lc -lpthread, \ ++ LDFLAGS_SUFFIX_bsd := -lc -lpthread, \ + LDFLAGS_SUFFIX_solaris := -lc, \ + LDFLAGS_SUFFIX_windows := $(WIN_JAVA_LIB) advapi32.lib user32.lib version.lib, \ + LDFLAGS_SUFFIX_posix := -lm -ljava -ljvm, \ --- /dev/null +++ b/jdk/src/share/lib/security/java.security-bsd @@ -0,0 +1,569 @@ === removed file 'debian/patches/make4-compatibility.diff' --- debian/patches/make4-compatibility.diff 2015-01-16 14:21:04 +0000 +++ debian/patches/make4-compatibility.diff 1970-01-01 00:00:00 +0000 @@ -1,40 +0,0 @@ -# DP: Fix hotspot build system for GNU make 4.0. - -Description: Fixes a bug in adjust-mflags.sh that breaks the hotspot build - with GNU make 4.0. The adjust-mflags.sh script attempts to replace - the -j parameter but it corrupts other parameters containing the character 'j'. - make 4.0 is more strict and returns an error in this case. - - For example: - - -I/home/ebourg/openjdk8/make/common - - is transformed into: - - -I/home/ebourg/open -j2 -dk8/make/common - - This error is caused by this sed expression: - - s/ -\([^ ][^ ]*\)j/ -\1 -j/ - - This expression splits a set of concatenated options containing the 'j' character: - - -abcdefghijkl --> -abcdefghi -jkl - - But it breaks the -I parameter which is followed by a path that may contain 'j' - (and this is often true when building open*j*dk) - - The fix consists in ignoring the concatenated options if '/' is found. -Author: Emmanuel Bourg <ebo...@apache.org> -Bug: https://bugs.openjdk.java.net/browse/JDK-8028407 ---- a/hotspot/make/linux/makefiles/adjust-mflags.sh -+++ b/hotspot/make/linux/makefiles/adjust-mflags.sh -@@ -64,7 +64,7 @@ - echo "$MFLAGS" \ - | sed ' - s/^-/ -/ -- s/ -\([^ I][^ I]*\)j/ -\1 -j/ -+ s/ -\([^ I][^/ I]*\)j/ -\1 -j/ - s/ -j[0-9][0-9]*/ -j/ - s/ -j\([^ ]\)/ -j -\1/ - s/ -j/ -j'${HOTSPOT_BUILD_JOBS:-${default_build_jobs}}'/ === modified file 'debian/rules' --- debian/rules 2015-10-19 13:33:45 +0000 +++ debian/rules 2015-10-22 12:01:37 +0000 @@ -375,7 +375,6 @@ COMMON_PATCHES = \ autoconf-select.diff \ hotspot-warn-no-errformat.diff \ - make4-compatibility.diff \ aarch64.diff \ hotspot-set-compiler.diff \ ppc64el.diff \ @@ -1668,6 +1667,10 @@ $(d)/$(basedir)/jre/lib/$(archdir)/. endif +ifneq (,$(filter $(DEB_HOST_ARCH), kfreebsd-amd64 kfreebsd-i386)) + cp -a $(d)/$(basedir)/include/bsd $(d)/$(basedir)/include/linux +endif + chmod -R u+w $(d) : # use javaws from icedtea-netx @@ -2281,7 +2284,7 @@ is_release = is_release = yes hg_project = jdk8u -hg_tag = jdk8u66-b01 +hg_tag = jdk8u66-b17 package_version = $(subst jdk,,$(hg_tag)) ifneq ($(is_release),yes) package_version := $(subst -,~,$(package_version)) === modified file 'hotspot-aarch64.tar.xz' Binary files hotspot-aarch64.tar.xz 2015-07-27 15:41:37 +0000 and hotspot-aarch64.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'hotspot.tar.xz' Binary files hotspot.tar.xz 2015-07-27 15:41:37 +0000 and hotspot.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'jaxp.tar.xz' Binary files jaxp.tar.xz 2015-07-27 15:41:37 +0000 and jaxp.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'jaxws.tar.xz' Binary files jaxws.tar.xz 2015-07-27 15:41:37 +0000 and jaxws.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'jdk.tar.xz' Binary files jdk.tar.xz 2015-07-27 15:41:37 +0000 and jdk.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'langtools.tar.xz' Binary files langtools.tar.xz 2015-07-27 15:41:37 +0000 and langtools.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'nashorn.tar.xz' Binary files nashorn.tar.xz 2015-07-27 15:41:37 +0000 and nashorn.tar.xz 2015-10-22 12:01:37 +0000 differ === modified file 'root.tar.xz' Binary files root.tar.xz 2015-07-27 15:41:37 +0000 and root.tar.xz 2015-10-22 12:01:37 +0000 differ
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.